Linux Malware: Are We There Yet?

For years, one of the biggest benefits of escaping Microsoft Windows was that running a security suite with a Linux distribution was completely unnecessary. There simply wasn’t a need for it.

Now this isn’t to say that one OS is more secure than another (that’s a debate for another article entirely). However, I’ve found that in general, the most dangerous thing you will run into on the Linux desktop is a lousy upgrade experience.

In this article, I’ll take a look at why so many users believe Linux is completely safe and why this belief is false. The fact of the matter is, no operating system is truly malware proof. In truth, the threat level tends to vary from platform to platform.

Windows malware vs Linux malware

One of the biggest misconceptions coming from newer Linux users is that by getting away from Microsoft Windows, they’re now free to run their PCs without a care in the world. While it’s true that the Linux desktop isn’t nearly as big of a target as the Windows desktop, it’s foolish to think that security isn’t a concern at all.

As a matter of fact, there are ample malware issues that Linux users need to be aware of. The difference is that unlike Windows, most issues come from rootkits and phishing attempts.

Another growing trend taking place on the OS X landscape is malware being bundled with what appears to be legitimate software. Even worse is the realization that OS X’s own built-in defenses are easily defeated instead of protecting the end-user.

Considering that OS X is closer in nature to Linux than Windows, OS X should serve as a warning that pretending security threats don’t exist will cost you in dealing with these issues later. Perhaps this is why OS X is pushing their new application store so hard? After all, this desktop app store is considered a trusted source for software.

If there is one glaring area where desktop Linux security is lacking, it’s how easily most users will happily install random software from unknown sources. Despite modern distributions offering some protective measures to shield critical parts of the operating system, a sophisticated attack could create problems if left unchecked.

Clearly, sticking to trusted software sources only, or simply compiling your own, would offer the safest results. And even then, relying on what is believed to be a trusted brand name simply isn’t enough anymore.

On the other hand, most malware targeting the Linux platform is going after the server space – not the desktop space.

The reason for this is two-fold: First, Linux server adoption is massive in comparison to desktop Linux adoption. Second, malware creators are getting plenty of “bang for their buck” by simply targeting Windows and OS X users on the desktop.

Much like it is with offering anything cross-platform, malware developers seem content to pretend like Linux on the desktop simply isn’t worth it.

Bots, rootkits and unknown commands

I’d suggest that the single most dangerous thing a Linux user could do to their system is forget to keep frequent backups of their home folder. Other than this, unknown commands being ignorantly executed would be my next big warning for newer users.

For the rest of us, many believe that so long as our PCs are secured with strong passwords, have unneeded ports closed and rely on public keys for SSH access, there’s really nothing to worry about. After all, bots and rootkits are something you only hear about when dealing with web servers, not home desktop machines.

But this certainly doesn’t mean a new and undiscovered security threat isn’t coming up on the horizon anytime soon. All it takes is the right motivation and enough careless individuals to execute the malware on their machines.

Think it’s impossible? The same belief was once held with malware on smartphones.

Malware and smartphones

Long before Android was available to the masses, I wrote a piece about how I believed that we’d begin seeing malware attacking smartphones any day now. As expected, I was ripped apart in the “court of public opinion” because the idea of mobile malware was considered preposterous at the time.

Now it would seem I have the last laugh as malware is very much a part of today’s mobile software world.

The point I’m making here is that just because it’s not an issue yet, that doesn’t mean it won’t be an issue in the future. Is Linux on the desktop less of a malware target right now? Sure, it’s quite safe from a security point of view. However, should someone opt to run a webserver on their local Linux box without securing it properly, let me tell you, malware will find you quite easily.

Remember, perspective is everything when it comes to malware threats. Keep this old adage in mind: today’s joke is tomorrow’s crisis. As dumb as malware prevention might seem on desktop Linux today, tomorrow it’s likely to become a reality.

Securing the Linux desktop

What would happen if we went against our gut reactions and decided to start scanning our Linux desktop PCs as if they were running Windows? An absurd idea, right? But what if getting into this habit turned into something that saves you a massive security issue a few years down the road? Still think it’s a waste of time?

Consider, for a moment, using ClamAV and one of the available front-end interfaces such as ClamTk on a weekly basis, just to be 100% sure everything is on the level.

Remember that ClamTk is easy to schedule for automatic scanning, so this removes any perceived waste of time spent tracking down malware. Just set up the software, leave the PC on and go on with your day. Now I certainly can’t speak for everyone, but this doesn’t sound like such a big sacrifice.
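For readers who would rather not use a graphical front-end, the weekly scan described above can be done with ClamAV’s own command-line tools and a cron entry. The script below is an added example, not something from the article or from the ClamAV project: it assumes clamscan and freshclam are installed and on PATH, and the log directory and cache exclusion are the example’s own choices. The exit-status meanings (0 clean, 1 infected, 2 error) are those documented in clamscan(1).

```shell
#!/bin/sh
# Weekly ClamAV scan of the home folder, meant to be run from cron.
# Added example: assumes the clamscan and freshclam binaries are on PATH.
# SCAN_ROOT and LOG_DIR are this example's own defaults, not anything the
# article prescribes; override them in the environment if you prefer.

SCAN_ROOT="${SCAN_ROOT:-$HOME}"
LOG_DIR="${LOG_DIR:-$HOME/.local/share/clamav-scan}"

# Map clamscan's documented exit status to a one-word verdict.
# clamscan(1): 0 = no virus found, 1 = virus(es) found, 2 = an error occurred.
classify_scan_result() {
    case "$1" in
        0) echo "clean" ;;
        1) echo "infected" ;;
        2) echo "error" ;;
        *) echo "unknown" ;;
    esac
}

# Read a clamscan summary on stdin and print the "Infected files" count,
# or -1 when the summary line is absent (e.g. the scan aborted early).
infected_count() {
    awk -F': ' '/^Infected files:/ { print $2; found = 1 }
                END { if (!found) print -1 }'
}

# Walk the whole tree (-r), list only infected files (-i), skip browser and
# package caches so a weekly run stays cheap, and keep a dated log.
scan_home() {
    if ! command -v clamscan >/dev/null 2>&1; then
        echo "clamscan not installed" >&2
        return 2
    fi
    mkdir -p "$LOG_DIR"
    log="$LOG_DIR/scan-$(date +%Y%m%d).log"

    # Refresh signatures first; a stale database misses recent samples.
    # On many systems freshclam needs the clamav service user to write its
    # database, so a failure here is reported and the existing database used.
    freshclam --quiet || echo "signature update failed, using existing database" >&2

    if clamscan -r -i --exclude-dir='^/.*/\.cache' --log="$log" "$SCAN_ROOT"; then
        status=0
    else
        status=$?
    fi
    verdict=$(classify_scan_result "$status")
    count=$(infected_count < "$log")
    echo "scan finished: $verdict ($count infected files), log: $log"
    return "$status"
}

# Invoke as "scan_home.sh run" from cron; for example, every Sunday at 03:00:
#   0 3 * * 0 /home/user/bin/scan_home.sh run
if [ "${1:-}" = "run" ]; then
    scan_home
fi
```

The verdict and infected count are separated from the scan itself so the cron wrapper can decide what to do with them (mail a report only when the count is non-zero, for instance) without re-parsing clamscan’s output. Files flagged by the scan are only reported, not moved, so a false positive on something in your home folder cannot break it; review the log before acting on a detection.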

Malware in a Linux future

For those of you who choose not to bother with the idea above, that’s certainly fine. Perhaps you’re skilled enough that the idea of malware infecting your Linux installation borders on ridiculous. While I’ll grant you that the likelihood of Linux malware being an issue is still a couple of years off, you just never know when something might sneak up on you.

Remember, a ClamAV-based scanning solution means you’re using malware definitions that cover not just Linux-based threats, but also detect malware aimed at Windows and OS X.

Still think that scanning for malware on Linux is a waste of time? Then think of it this way. Worst case scenario, you do a scan and it detects a Windows virus in an attachment you were about to send to a friend. Either way you look at it, you’re forming healthy habits for the future and potentially saving a friend from their own operating system.

Even though most of you reading this will never bother with a malware scan on your Linux system, at least when the time comes that it’s necessary, you’ll be able to look back and remember that I told you so.